CVE-2021-34354
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18...
CVE-2021-38675
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 2021/08/17 and la...
CVE-2021-34355
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 5.4.10...
CVE-2021-34356
CVE-2021-34356 describes a stored cross-site scripting (XSS) vulnerability impacting QNAP Photo Station. The available documents confirm that the vulnerability affected Photo Station and could allow remote attackers to inject malicious code, with a fixed release noted as Photo Station 6.0.18 (re...
CVE-2021-34355
CVE-2021-34355 is a cross-site scripting (XSS) vulnerability in QNAP Photo Station for NAS. The issue affects Photo Station prior to fixed releases and could allow remote code injection via the web interface. Fixed versions are Photo Station 5.4.10 and later, 5.7.13 and later, and 6.0.18 and late...
Qnap Image2PDF cross-site scripting vulnerability
Qnap Image2PDF is a Windows-based application from China Weilian Technology Qnap. It is used to organize image files, providing quick access and viewing. Qnap Image2PDF suffers from a cross-site scripting vulnerability that originates from Image2PDF allowing remote attackers to inject malicious...
Qnap Photo Station cross-site scripting vulnerability
Qnap Photo Station is an online photo album from China's Qnap Technology Qnap. It is used to organize multimedia content (photos and videos) on Qnap Nas. A cross-site scripting vulnerability exists in QNAP devices prior to Qnap Photo Station 6.0.18 (2021/09/01), which can be exploited by remote...
Qnap Photo Station cross-site scripting vulnerability
Qnap Photo Station is an online photo album from China's Qnap Technology Qnap. It is used to organize multimedia content (photos and videos) on Qnap Nas. A cross-site scripting vulnerability exists in versions prior to Qnap Photo Station 6.0.18 (2021/09/01), which can be exploited by remote attackers...
Vulnerability fixed in IBM WebSphere
A vulnerability has been fixed in the Dojo library used by WebSphere Application Server. By exploiting this vulnerability, a remote malicious person may be able to inject arbitrary code onto the system. IBM has released updates to fix the vulnerabilities. More information can be found on the...
CVE-2020-19048
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'...
PT-2021-7541 · Vmware · Vmware Vrealize Log Insight
Name of the Vulnerable Software and Affected Versions: VMware vRealize Log Insight versions 8.x prior to 8.4 Description: The issue is due to improper user input validation, allowing an attacker with user privileges to inject a malicious payload via the Log Insight UI. This payload would be...
CVE-2021-20811
CVE-2021-20811 is an XSS vulnerability in Movable Type’s List of Assets screen. The affected products and versions include Movable Type 7 (r.4903 and earlier), Movable Type 6 (6.8.0 and earlier), Movable Type Advanced 7 (r.4903 and earlier), Movable Type Premium 1.44 and earlier, and Movable Type...
The vulnerability of the manager for Cockpit servers, related to errors in displaying the user interface or frames, allows a perpetrator to inject malicious code.
The vulnerability of the Cockpit server administrator relates to errors in displaying the user interface or frames. Exploiting this vulnerability allows a malicious actor to inject malicious code remotely...
CVE-2018-17862
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sysjdbc parameter to /TestJDBCWeb/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
The vulnerability of the “screen.import.php” script in the Zabbix monitoring system allows a hacker to inject and execute arbitrary code in the user’s browser context within a vulnerable application.
The vulnerability of the “screen.import.php” script in the Zabbix monitoring system exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject and execute arbitrary code in the user’s browser context remotely...
CVE-2021-33336
Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through 7, allows remote attackers to inject arbitrary web script or HTML via the comliferayjournalwebportletJournalPortletnam...
Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Elastic Storage System (CVE-2020-5258)
Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Elastic Storage System 3000, which could allow a remote attacker to inject arbitrary code in the system. Vulnerability Details CVEID: CVE-2020-5258 DESCRIPTION: Dojo dojo could allow a remote attacker to...
PT-2021-3773 · Cockpit +5 · Cockpit +5
Name of the Vulnerable Software and Affected Versions: Cockpit affected versions not specified Description: The issue is related to clickjacking attacks, where a malicious website can render a page from a Cockpit server inside an iframe HTML entry. This could be exploited by a malicious website t...
CVE-2021-34817
A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad...
Security Bulletin: Dojo vulnerability in WebSphere Liberty affects Collaboration and Deployment Services (CVE-2020-5258)
Summary There is a Dojo vulnerability in WebSphere Liberty used by Collaboration and Deployment Services. This issue has been addressed. Vulnerability Details CVEID: CVE-2020-5258 DESCRIPTION: Dojo dojo could allow a remote attacker to inject arbitrary code on the system, caused by a prototype...